Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Cisco Identity Services Engine with Integrated Security Information and Event Management

advertisement 
At-a-Glance
Cisco Identity Services
Engine with Integrated
Security Information
and Event Management
and Threat Defense
Platforms
Benefits
• Decrease time to event
classification by using Cisco®
Identity Services Engine (ISE)
contextual information to
expedite the classification of
security events.
• Improve SIEM analytic policies
by differentiating users, groups,
and devices using the engine’s
contextual information to create
analytic policies specific to
users, groups, or devices.
• Decrease security risk from
devices with security posture
failures by using Cisco ISE
endpoint posture information
to create analytic policies
specific to endpoints that have
a noncompliant posture status.
• Improve visibility and analysis of
Cisco ISE telemetry and event
data by analyzing and providing
alerts based on anomalies in
Cisco ISE event data, such
as excessive authentication
attempts.
Gain Visibility into Network Threats and Remediate
Cisco® Identity Services Engine (ISE) integrates with leading security
event and information management (SIEM) and threat defense (TD)
platforms to bring together a networkwide view of security event
analysis and relevant identity and device context.
Cisco ISE uses Cisco Platform Exchange Grid (pxGrid) technology to
share contextual data with leading SIEM and TD partner solutions. The
combination of these integrated technologies gives security analysts the
ability to quickly and easily assess the significance of security events
by correlating expanded context with the security alerts. Cisco ISE,
using pxGrid technology, enables the SIEM and TD system management
consoles to display contextual information pulled from the engine about
each security event.
The data can include the identity and level of access of each user and
the type of device used. This information permits the analyst to more
quickly determine where the event is coming from, whether it needs
further investigation, and, if so, how urgent is the threat. Cisco ISE
can then be used to take mitigation actions. Identity Services Engine
integrations with SIEM and TD platforms also allow for enhanced
security monitoring, including mobility-aware security analytics. The
enhanced capabilities from The enhanced capabilities from Cisco ISE
with SIEM and TD integration streamline the process of threat detection,
simplify execution of responses by IT, and greatly reduce the time to
remediation of network security threats.
© 2015 Cisco and/or its affiliates. All rights reserved.
nce
At-a-Glance
Next Steps
To learn more about the Cisco Identity
Services Engine, visit http://www.cisco.
com/go/ISE.
For additional information regarding
Identity Services Engine SIEM/TD
partners, visit http://www.cisco.com/c/
en/us/products/security/partnerecosystem.html.
How Cisco Identity Services Engine Integrations with SIEM
and TD Solutions Works
The Identity Services Engine provides its user identity and device
contextual information to SIEM and TD partner platforms. Then:
• Cisco ISE contextual data is used to create new security analysis
classes for high-risk user populations or devices, such as policies
specific to mobile devices or users with access to highly sensitive
information.
• Cisco ISE contextual data is also appended to associated events in
the SIEM and TD partner solutions to provide the additional context
of the user, device, and access level. The information helps analysts
better decipher the significance of a security event.
• Users of SIEM TD partner products can then use the Identity Services
Engine as a conduit for taking mitigation actions within the Cisco
network infrastructure. The engine can undertake a quarantine or
access-block action on users and devices based on policies defined
by the engine for such actions.
• All of these functions can be logged and reported on within the SIEM
and TD products, providing unified, networkwide security reporting.
Some of the main attributes of the Identity Services Engine available for
use SEIM and TD for user- and device-related context are:
• User: User name, IP address, authentication status, location
• User class: Authorization group, guest, quarantined
• Device: Manufacturer, model, OS, OS version, MAC address,
IP address, network connection method (wired or wireless), location
• Posture: Posture compliance status, antivirus installed, antivirus
version, OS patch level, mobile device posture compliance status
through mobile device management (MDM) ecosystem partners
© 2015 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of
Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/
go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner
does not imply a partnership relationship between Cisco and any other company. (1110R)
C45-732858-01 05/15
Related documents
WWW+Internet+networking - Edulink
WWW+Internet+networking - Edulink
Open Source Used In Unified Screen and
Open Source Used In Unified Screen and
Cisco Customer Outcome Enablement Program Terms Pilot Phase Updated: 10/05/2015
Cisco Customer Outcome Enablement Program Terms Pilot Phase Updated: 10/05/2015
Download
advertisement